I'm building a Swift app for streaming video to YouTube, but I can't get past the liveBroadcast-insertion step. The app prints out a cURL representation of each request it makes; this is the insertion one:
curl "https://www.googleapis.com/youtube/v3/liveBroadcasts?part=id%252CcontentDetails%252Csnippet%252Cstatus&key=<app-key>" \
--request POST \
--header 'Accept: application/json' \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json'\
--data '{"kind":"youtube#liveBroadcast","snippet":{"title":"Simulator","scheduledStartTime":"2019-09-04T18:18:50Z"},"status":{"privacyStatus":"public"}}'
This gives me the following error response:
{
"error": {
"errors": [
{
"domain": "usageLimits",
"reason": "accessNotConfigured",
"message": "Project <redacted> is not found and cannot be used for API calls. If it is recently created, enable YouTube Data API by visiting https://console.developers.google.com/apis/api/youtube.googleapis.com/overview?project=40586258927 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.",
"extendedHelp": "https://console.developers.google.com/apis/api/youtube.googleapis.com/overview?project=<redacted>"
}
],
"code": 403,
"message": "Project <redacted> is not found and cannot be used for API calls. If it is recently created, enable YouTube Data API by visiting https://console.developers.google.com/apis/api/youtube.googleapis.com/overview?project=<Foo> then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry."
}
}
I'm not sure where it's getting the name Project <redacted>, as that doesn't match the project that I logged into.
I've checked the following SO questions, to no avail:
youtube analytics api error 403, accessNotConfigured
This one is 6 years old, and there's no longer a YouTube Analytics API. My project does have the YouTube Data API enabled.
Youtube API key - accessNotConfigured error I also tried creating a whole new YouTube project, but that didn't work.
and others.
I also started getting this same error, same problem, no explanation, around the same time as you.
Related
I am trying to upload a Video to my YouTube account using my own Application(Spring-boot) with the help of Google Library. But every time when I try to call the insert API of YouTube it asks for a Physical Sign in to Google Account. I want to upload my Video without Google Signin via passing the API Key or the client credentials(generated in Google Console for OAuth) in a post Request. I don't want to signin to google every time to upload a video. My account should be verified with the credentials I provide in the post Request.
curl --request POST
'https://youtube.googleapis.com/youtube/v3/videos?key=[YOUR_API_KEY]'
--header 'Authorization: Bearer [YOUR_ACCESS_TOKEN]'
--header 'Accept: application/json'
--header 'Content-Type: application/json'
--data '{}'
--compressed
Another Question is How I can get [YOUR_ACCESS_TOKEN] ..?
End Point URL : POST https://www.googleapis.com/upload/youtube/v3/videos
Google Link : YouTube Upload Video steps
Any Suggestion would be Very Helpful.
JAVA code snippet :
you can find this on Google Link.
The only way to do that would be to request offline access. At which point you should get a refresh token back. You can then use the refresh token to request a new access token at a later date without requiring that you login to google again.
Since your code is in Curl i have posted a response using Curl, even though your question mentons java.
# Authorization link. Place this in a browser and copy the code that is returned after you accept the scopes.
https://accounts.google.com/o/oauth2/auth?client_id=[Application Client Id]&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=[Scopes]&response_type=code
# Exchange Authorization code for an access token and a refresh token.
curl \
--request POST \
--data "code=[Authentcation code from authorization link]&client_id=[Application Client Id]&client_secret=[Application Client Secret]&redirect_uri=urn:ietf:wg:oauth:2.0:oob&grant_type=authorization_code" \
https://accounts.google.com/o/oauth2/token
# Exchange a refresh token for a new access token.
curl \
--request POST \
--data 'client_id=[Application Client Id]&client_secret=[Application Client Secret]&refresh_token=[Refresh token granted by second step]&grant_type=refresh_token' \
https://accounts.google.com/o/oauth2/token
Code ripped from my Gist
I have a problem with thingsBoard, I can make a relation in the website with a user account and I tried to relate a device to an asset but when it comes to rest API it gives me a 403 error code.
I used swagger UI and I used entity-relation API and I used save relation API for this.
I believe that your problems is that you are not logged to your swagger.
In your image, look the exclamation sign inside the red circle, that meaning you didn't set your token on the swagger.
How to get the token:
curl --location --request POST 'http://YOUR_IP_ADDRESS/api/auth/login'
--header 'Content-Type: application/json'
--header 'Accept: application/json'
--data-raw '{
"username": "YOUR_EMAIL_ADDRESS",
"password": "YOUR_PASSWORD"
}'
With the token received, go back to the top of the swagger and looking for the "authorize" button. There put your token.
When you go back to your operation, you can see that the exclamation sign now is in a blue circle. Try again! Now, your operation should work!!
We have a verified app with the following scopes:
https://www.googleapis.com/auth/youtube.force-ssl
https://www.googleapis.com/auth/youtubepartner
https://www.googleapis.com/auth/youtube
This means we can use the YouTube Data API and YouTube Content ID API (for YouTube Partners).
We are trying to do ad inserts (insert LiveCuepoints) for a live broadcast on a YouTube partner channel, which is connected via our verified app. We are getting the following error when we use the LiveCuepoint insert API endpoint:
Request
POST /youtube/partner/v1/liveCuepoints?channelId={channelId}&onBehalfOfContentOwner={contentOwnerId} HTTP/1.1
Authorization: Bearer {accessToken}
Content-Type: application/json; charset=utf-8
Host: www.googleapis.com
Content-Length: 57
{"broadcastId":"{broadcastId}","settings":{"cueType":"ad"}}
Response
{
"error": {
"code": 403,
"message": "Forbidden",
"errors": [
{
"message": "Forbidden",
"domain": "global",
"reason": "forbidden"
}
]
}
}
Other requests (with the same credentials) to the YouTube Content ID API (such as listing contentOwners or listing liveBroadcasts) are working fine and without errors.
We’ve tried debugging this issue for many hours, researched online and tried different solutions but couldn’t get this to work. Is there a special scope, setting or access needed to do ad inserts in a live broadcast? Is anyone having working example code to do liveCuepoint inserts?
For anyone interested: I found the solution.
We connected (via our verified app) as a channel. This was a mistake, you have to authenticate with an account, and this account must have administrator rights.
Now you receive an access token which can access all content owners and channels connected to that account. Inserting liveCuePoints now works fine!
By testing OAuth 2.0 Web Server Flow for Web App Integration in Salesforce, I've found a way to negotiate an access token by doing something somewhat weird.
Here is the scenario.
I've create two accounts :
phdezann+user01-mbpt#force.com
phdezann+user02-8wl6#force.com
With the second account, I've created an New Connected App and enabled Enable OAuth Settings and got a pair of clientId and secretId, part of the OAuth protocol.
Then, I've requested an authorization code by going to :
https://login.salesforce.com/services/oauth2/authorize?client_id=<client_id_of_user02_instance>&redirect_uri=http://localhost:8080&response_type=code
Here, and this is the interesting part, I logged in with the user01 and managed to get an authorization code in the callback.
And finally, I've tried to convert that authorization code to an access token :
curl \
--location \
--request POST 'https://login.salesforce.com/services/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'code=<authorization_code_from_user01>' \
--data-urlencode 'client_id=<client_id_of_user02_instance>' \
--data-urlencode 'client_secret=<client_secret_of_user02_instance>' \
--data-urlencode 'redirect_uri=http://localhost:8080'
And, it worked. I got :
{
"access_token": "00D2X00000....",
"signature": "CSfC0khkT7...",
"scope": "api",
"instance_url": "https://eu13.salesforce.com",
"id": "https://login.salesforce.com/id/00D2X000003IgQFUA0/0052X00000AP6AdQAL",
"token_type": "Bearer",
"issued_at": "1596728532049"
}
I really don't get how this is possible, I surely miss something here.
That's by design and it's an OAuth2 thing, not really Salesforce thing.
If you would be making a mobile app or some amazing integration with your website - it's impractical to ask every admin to generate the app, paste keys to your mobile app and distribute to users... You'd ship your app with one pair of keys you control and then the end users decide if they trust you, want to proceed, are comfortable with the level of access you are requesting...
You can paste your keys to https://openidconnect.herokuapp.com/
or use it as is and get to your orgs.
See also https://salesforce.stackexchange.com/q/213666/799 and https://salesforce.stackexchange.com/q/70489/799
Hi I have the Google OAuth 2 explicit flow working according to:
https://developers.google.com/identity/protocols/OAuth2WebServer
I also have the implicit flow working on iOS with GIDSignIn, specifically I get the GIDSignInDelegate::sign(_ signIn: GIDSignIn!, didSignInFor user: GIDGoogleUser!, withError error: Error!) callback and have access to user.authentication.accessToken and user.authentication.refreshToken.
I'm trying to pass that refreshToken back to our private app server so that it can make requests on behalf of the user (mainly because it's easier to just sign in with the SDK than make the front end developers deal with raw URL requests).
However, when I try to use that refresh token to get a new access token on the back end:
curl --request POST \
--url https://www.googleapis.com/oauth2/v4/token \
--header 'cache-control: no-cache' \
--header 'content-type: application/x-www-form-urlencoded' \
--data 'client_id={client_id}&client_secret={client_secret}&refresh_token={refresh_token}&grant_type=refresh_token'
It returns:
{ "error": "invalid_grant", "error_description": "Bad Request" }
I think the issue is that my server has a client id and secret, but iOS only has a client id. Without a secret (sometimes called key) corresponding to the iOS client id, there is no way for me to refresh the token on the back end. I was hopeful that Google would detect that both the server client id and iOS client id were registered to the same app and let the server refresh the token with its credentials, but that doesn't work.
I've looked at both the "API keys" and "OAuth 2.0 client IDs" sections at:
https://console.developers.google.com/apis/credentials
But am at a loss.
Does anyone know a curl command for refreshing a token acquired through the iOS SDK?
Or is this simply not possible?
Thanks!
For anyone reading this, I got it working:
On a whim I tried calling the refresh token endpoint without passing client_secret (as there isn't one when using implicit flow on mobile). Here is the curl:
curl --request POST \
--url https://www.googleapis.com/oauth2/v4/token \
--header 'content-type: application/x-www-form-urlencoded' \
--data 'client_id={client_id}&refresh_token={refresh_token}&grant_type=refresh_token'
This appears to be undocumented. The closest example I found is at https://developers.google.com/identity/protocols/OAuth2InstalledApp#refresh but it shows client_secret=your_client_secret& and never mentions that with implicit flow, front end web and mobile apps don't normally use a client secret.
Please don't upvote my answer, as I haven't done anything. OAuth is generally not documented very well, or contains code snippets pertaining to platform SDKs without the underlying URL requests or curl examples. SDKs are often opaque/closed-source so would require dropping down to tcpdump or packet sniffing to see what's going on. I didn't do the due diligence, I just got lucky.
I have sent feedback to Google but if this issue has affected you, you can click the gear in Gmail and "Send feedback" to hopefully get documentation updated more quickly.
Please refer to this link:
https://developers.google.com/identity/sign-in/ios/offline-access
From the reference, you have to do 2steps below to let your server able to refresh your access token
Make sure your server and iOS app use credentials of the same project, 1 browser key and 1 iOS key
Add this line: [GIDSignIn sharedInstance].serverClientID = your_server_client_id